From e22b2b837101a53ce4d99948e1d02c5b94449335 Mon Sep 17 00:00:00 2001
From: Matteo Corti <matteo@corti.li>
Date: Fri, 7 Apr 2023 17:21:45 +0200
Subject: [PATCH] Fixes #451

---
 CITATION.cff              |  4 ++--
 ChangeLog                 |  4 ++++
 NEWS.md                   |  2 ++
 RELEASE_NOTES.md          |  3 +--
 VERSION                   |  2 +-
 check_ssl_cert            |  4 ++--
 check_ssl_cert.1          |  2 +-
 check_ssl_cert.spec       |  5 ++++-
 test/integration_tests.sh | 36 ++++++++++++++++++++++++++++++++++++
 9 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/CITATION.cff b/CITATION.cff
index 61c9121..37a6e4c 100644
--- a/CITATION.cff
+++ b/CITATION.cff
@@ -248,8 +248,8 @@ authors:
   given-names: "Дилян"
   website: https://github.com/dilyanpalauzov
 title: "check_ssl_cert"
-version: 2.63.0
-date-released: 2023-04-05
+version: 2.64.0
+date-released: 2023-04-07
 url: "https://github.com/matteocorti/check_ssl_cert"
 repository-code: "https://github.com/matteocorti/check_ssl_cert"
 keywords:
diff --git a/ChangeLog b/ChangeLog
index 7da37ed..41b97e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2023-04-07  Matteo Corti  <matteo@corti.li>
+
+        * check_ssl_cert (main): Fixed the resolution of hosts with IPv6 addresses only
+
 2023-04-05  Matteo Corti  <matteo@corti.li>
 
         * check_ssl_cert (main): Better (earlier) check for non-existing hosts
diff --git a/NEWS.md b/NEWS.md
index 25064f7..d6ea8be 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,5 +1,7 @@
 # News
 
+* 2023-04-07 Version 2.64.0
+  * Fixed the resolution of hosts with IPv6 addresses only
 * 2023-04-05 Version 2.63.0
   * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
   * Better checks for non-resolvable hosts
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index c27847e..be3d582 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -1,2 +1 @@
- * Command line option to ignore SSL Labs errors (```-ignore-ssl-labs-errors```)
- * Better checks for non-resolvable hosts
+Fixed the resolution of hosts with IPv6 addresses only
diff --git a/VERSION b/VERSION
index e604dbd..d1524d4 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.63.0
+2.64.0
diff --git a/check_ssl_cert b/check_ssl_cert
index b1946d1..9b5559b 100755
--- a/check_ssl_cert
+++ b/check_ssl_cert
@@ -31,7 +31,7 @@
 ################################################################################
 # Constants
 
-VERSION=2.63.0
+VERSION=2.64.0
 SHORTNAME="SSL_CERT"
 
 VALID_ATTRIBUTES=",startdate,enddate,subject,issuer,modulus,serial,hash,email,ocsp_uri,fingerprint,"
@@ -4212,7 +4212,7 @@ main() {
                 critical "${SHORTNAME} CRITICAL: Cannot resolve ${HOST} (no AAAA record)"
             fi
         else
-            if ! host "${HOST}" | grep -q 'has address' ; then
+            if ! host "${HOST}" | grep -q 'has .*address' ; then
                 critical "${SHORTNAME} CRITICAL: Cannot resolve ${HOST}"
             fi
         fi
diff --git a/check_ssl_cert.1 b/check_ssl_cert.1
index 57824cd..8ac7935 100644
--- a/check_ssl_cert.1
+++ b/check_ssl_cert.1
@@ -1,7 +1,7 @@
 .\" Process this file with
 .\" groff -man -Tascii check_ssl_cert.1
 .\"
-.TH "check_ssl_cert" 1 "April, 2023" "2.63.0" "USER COMMANDS"
+.TH "check_ssl_cert" 1 "April, 2023" "2.64.0" "USER COMMANDS"
 .SH NAME
 check_ssl_cert \- checks the validity of X.509 certificates
 .SH SYNOPSIS
diff --git a/check_ssl_cert.spec b/check_ssl_cert.spec
index 75c997d..11de364 100644
--- a/check_ssl_cert.spec
+++ b/check_ssl_cert.spec
@@ -1,4 +1,4 @@
-%global version          2.63.0
+%global version          2.64.0
 %global release          0
 %global sourcename       check_ssl_cert
 %global packagename      nagios-plugins-check_ssl_cert
@@ -54,6 +54,9 @@ rm -rf $RPM_BUILD_ROOT
 %endif
 
 %changelog
+* Fri Apr   7 2023 Matteo Corti <matteo@corti.li> - 2.64.0-0
+- Updated to 2.64.0
+
 * Wed Apr   5 2023 Matteo Corti <matteo@corti.li> - 2.63.0-0
 - Updated to 2.63.0
 
diff --git a/test/integration_tests.sh b/test/integration_tests.sh
index 218fb0e..49ea052 100755
--- a/test/integration_tests.sh
+++ b/test/integration_tests.sh
@@ -881,6 +881,42 @@ testIPv6() {
     fi
 }
 
+testIPv6Only() {
+    if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then
+
+        IPV6=
+        if command -v ifconfig >/dev/null && ifconfig -a | grep -q -F inet6; then
+            IPV6=1
+        elif command -v ip >/dev/null && ip addr | grep -q -F inet6; then
+            IPV6=1
+        fi
+
+        if [ -n "${IPV6}" ]; then
+
+            echo "IPv6 is configured"
+
+            if ping6 -c 3 ipv6.corti.li >/dev/null 2>&1; then
+
+                echo "IPv6 is working"
+
+                # shellcheck disable=SC2086
+                ${SCRIPT} ${TEST_DEBUG} --rootcert-file cabundle.crt -H ipv6.corti.li --ignore-host-cn --ignore-exp
+                EXIT_CODE=$?
+                assertEquals "wrong exit code" "${NAGIOS_OK}" "${EXIT_CODE}"
+
+            else
+                echo "IPv6 is configured but not working: skipping test"
+            fi
+
+        else
+            echo "Skipping forcing IPv6: not IPv6 configured locally"
+        fi
+
+    else
+        echo "Skipping forcing IPv6: no OpenSSL support"
+    fi
+}
+
 testIPv6Numeric() {
     if "${OPENSSL}" s_client -help 2>&1 | grep -q -- -6; then